Microsoft have decided to enter the Anti-malware market with their security suite that contains anti-virus, anti-spyware, a firewall, a tune-up module and a new backup/restore solution. Sounds good so far, but what does all this do, and how well does it do it?
First, the Anti-virus software. Unlike many other solutions, this one does not have an "E-Mail" plug-in type virus scanner that will check your mail as you download it. It still checks your e-mail for viruses, but a little later in the process, and this method limits the effectiveness of the virus scanning. While other solutions may detect and respond to viruses in zip files in incoming messages, this one does not, at least not when using Outlook and PSTs with compressible encryption. A zip file containing a well-known virus was not reported by the AV software as being infected, and it wasn't until the zip file was opened and an attempt was made to move the infected file out of the zip file that the system reported the infected file.
The AV software also has very limited options; beyond "on" and "off", there are none. You can't turn off individual features, schedule times to check for updates or even see what features are available.
Next, the firewall. Unlike the firewall that comes with Windows XP SP2, this one has outbound application control. Any application that hasn't been specifically allowed outbound access will be denied such access until the user allows it. In this regard, this solution doesn't appear to be any different than many other solutions. It correctly identifies the applications, and allows you to specify if the application can access the internet or only the local network.
There are also very few options with regards to the firewall. There are 3 settings: "Off", "Auto" and "Prompt". The last simply implies that the user should be prompted whenever a new application wants to connect out. "Off" means that the firewall is off (more on that later), and "Auto" allows/denies access based on "current firewall policy", whatever that means. This may imply that firewall policy can be pushed out with GPO or centrally managed by some other means. This is the choice recommended by Microsoft. However, if you really want control over what applications are getting outbound access, "Prompt" is probably the better choice.
The advanced options for the firewall let you change/add/remove applications from the list of programs. If you have accidentally denied a program access, you can go in here and fix it. You can also add policies for allowing/denying access on individual ports or port ranges, both inbound and outbound as well as for local or internet access. All in all, a nice feature set, which matches other solutions.
One problem that I ran into was that turning the firewall off doesn't always turn the firewall completely off. There is still something there that is doing things it shouldn't do. For instance, I need to have port 80 closed on my computer. That is, closed and not "stealth". When the firewall is running, all ports are "stealth", meaning they will not send any response whatsoever to any connection attempt. Thus the connection will have to wait for a timeout rather than appropriately getting the "we're closed" response and aborting the connection attempt. Since I don't want this feature for port 80 on my computers, I decided to allow connections to port 80 on my computer. However, the result was the same. There's a long pause before the connection is timed out. The same occurs if the firewall is turned off, so "off" doesn't really mean "off", at least not with regards to incoming connections.
The Anti-Spyware solution is essentially the same as Windows Defender. It seems it has just been packaged into this solution and that's that. Windows Defender is a good solution, but it does have its shortcomings. Going from "Microsoft AntiSpyware" to "Windows Defender", a large number of options and features appear to have been dropped. It still does a good job at catching spyware and adware... at least what Microsoft considers spyware and adware. There's been some controversy regarding some products that Microsoft have removed from the Spyware list that are still spyware...
The "Performance Tuning" is really nothing new. It simply performs some standard tasks, one after another, in an attempt to make your computer faster. Essentially, it's virus scan, spyware scan, disk cleanup and disk defrag put into one package. All these things with one click, how easy is that?
The backup solution is nothing new. Yes, it's different from what already comes with Windows. It can back up your files to an external hard drive or to a writable CD/DVD. I could not see any way to back up to my tape drive, which is a bummer... Also, you cannot back up to an internal hard drive, which is also a bummer. The word from Microsoft is that this may be added in a later update. However, that is little consolation for those who have purchased a 500GB internal drive to use for backups...
Conclusion: Windows Live OneCare gets a passing grade, but just barely. Many will balk at the apparent lack of E-Mail scanning. Considering that most viruses come through E-Mail, one would have expected Microsoft to ensure that any viruses found in incoming E-Mails would have been dealt with instantly. Sadly, this does not appear to be the case.
© 1999 - 2006 Lars M. Hansen